Authenticating Active Directory user in ASP.NET

How to authenticate the AD user in ASP.NET by using Directory Services

Introduction

In this article I concentrate on validating an Active Directory user from ASP.NET pages, although you can validate the user from any sort of code (non-ASP.NET). The basics remain the same, but the implementation will depend on the type of requirement. First of all, you need to include the following line in the .cs file to freely use the directory services.

using System.DirectoryServices;

This makes the namespace available in your code. To get to the Active Directory server, you then need to provide the LDAP path, which locates the server on the network. This path is encapsulated in the DirectoryEntry class. The following code will try to contact the server with the user name and password you provide.

Based on the user name and password, this gives you an abstracted collection of property name and value pairs, which you can filter later to find the information specific to the user. To get that specific information you need the DirectorySearcher object, which will find all the information you need as name/value pairs.

Here I try to get the information for the user named jignesh, so the filter string is cn=jignesh. This is specific to Active Directory, and you should know all the LDAP information about your Active Directory. Now it is time to iterate through the name/value pairs, which is quite easy to understand.

That's it. This way you can connect to the server through LDAP and fetch all the information from it, such as user name, password, etc. You can set the parameters too.
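
The steps described above, as an added example in C# (not the author's original listing): bind with the supplied credentials through DirectoryEntry, search for a cn with DirectorySearcher, and iterate the name/value pairs. The class name, method names and the LDAP path are assumptions; the cn value is escaped because it is concatenated into the filter string.

```csharp
using System;
using System.DirectoryServices;
using System.Runtime.InteropServices;
using System.Text;

static class AdLookup   // hypothetical helper, not from the article
{
    // Escape the characters RFC 4515 reserves in filter values, so caller-supplied
    // input cannot change the shape of the search filter.
    static string EscapeFilterValue(string value)
    {
        var sb = new StringBuilder();
        foreach (char c in value)
            switch (c)
            {
                case '\\': sb.Append(@"\5c"); break;
                case '*':  sb.Append(@"\2a"); break;
                case '(':  sb.Append(@"\28"); break;
                case ')':  sb.Append(@"\29"); break;
                case '\0': sb.Append(@"\00"); break;
                default:   sb.Append(c); break;
            }
        return sb.ToString();
    }
    // ldapPath is a placeholder such as "LDAP://dc=example,dc=com" (assumption).
    // Returns false when the directory rejects the bind or cannot be reached.
    public static bool TryBindAndPrintUser(string ldapPath, string userName, string password, string cn)
    {
        try
        {
            // AuthenticationTypes.Secure asks ADSI to negotiate Kerberos/NTLM for the bind.
            using (var root = new DirectoryEntry(ldapPath, userName, password, AuthenticationTypes.Secure))
            using (var searcher = new DirectorySearcher(root))
            {
                object bound = root.NativeObject;   // forces the bind; throws on bad credentials
                searcher.Filter = "(cn=" + EscapeFilterValue(cn) + ")";   // e.g. (cn=jignesh)
                SearchResult result = searcher.FindOne();
                if (result == null) return true;    // bind succeeded, no matching entry
                foreach (string name in result.Properties.PropertyNames)
                    foreach (object value in result.Properties[name])
                        Console.WriteLine("{0} = {1}", name, value);
                return true;
            }
        }
        catch (COMException)   // base class of DirectoryServicesCOMException (e.g. logon failure)
        {
            return false;
        }
    }
}
```

Pass the password in from the login form at request time rather than storing it in source or configuration.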

License

This article has no explicit license attached to it but may contain usage terms in the article text or the download files themselves. If in doubt please contact the author via the discussion board below.

Hi chetan,
I'm developing an LDAP application wherein I need to search and list all users in the domain.
I tried your code but I get an error in syntax: "properties = searchRoot.Properties;".
Please help me out as it is very urgent.
I'll be very thankful to you.

Hello, the above code works awesome for me as long as I hard code my password into the GetGroups method call. Is there a way to grab this programmatically from the NT login? I am able to grab the username by going HttpContext.Current.User.Identity.Name but I can't seem to find something like that for the password. I have never attempted anything using AD before so I am a little lost and confused. Thanks in advance for your help.

I get the same problem.
Guessing you're using Windows Authentication on your IIS server.
Turns out, if you don't provide a username and password for your DirectoryEntry root, it uses the IIS server credentials, which most likely are not an acceptable domain user.

This is the code from MSDN but I don't understand what to fill in for this string "LDAP://DC=onecity,DC=corp,DC=fabrikam,DC=com"
like "LDAP://path" means "LDAP://LDAP://ADservername, "username","password");

This is the link from MSDN "ms-help://MS.MSDNQTR.2003FEB.1033/vbcon/html/vbtskCreatingADSIComponents.htm"
from where the above code originates.

The LDAP path is the user object in Active Directory. Understanding the full realm of Active Directory is probably beyond something that can be written here. Basically the path will determine the location of the object (i.e. user, group, computer, etc) in the Active Directory Tree. For example, a user named jstrong located in the Organizational Unit beecham in the marty domain will have a path LDAP://cn=jstrong,ou=beecham,dc=marty,dc=com. I know that may not provide you with much, but it is a vast topic. Do some searches online to see if you can get a better understanding of how AD is designed.

I have been trying to connect to my IMail LDAP installed locally. Would the connection string in this case be LDAP://localhost/CN=abc ?? I am really looking for a working example of connecting to a locally installed LDAP server with searching or authenticating users. I would like to know if anyone has done this and could help me out here?

Whenever I connect using LDAP://localhost or any domain name for that matter, it just gives the same error saying "Server not operational". Any help is appreciated.

Hi,
I tried with that code and it works fine, but I had to provide the password for getting connected to Active Directory. I don't think this is secure enough
if you go through the security aspects.
So kindly tell me, is there any way where I don't need to provide the password?
Please help as I am really stuck with it.
Thanks,
Swarup

I have not tested this code yet, but I suspect that you wrote it using a release candidate instead of the RTM .NET?

I say this because I just went through trying this in a webservice and found that I could not authenticate this way due to security restrictions that are in place on the account responsible for running the asp.net worker process.

I have been trying to get the impersonation in the web.config file to work but for now have ended up setting the process model impersonation to 'system' instead of the default 'machine' account that it was set for.

I'm trying to use your code for an application where I need to access Exchange Server, so one thing I need is to check the user in AD. I run the code and an error appears telling me that the namespace DirectoryServices doesn't exist. Maybe I'm missing something or I need a reference to an assembly that I don't have in my bin directory. I'll be very grateful if you can help me.

Yep Nice article .. I think I saw the same code in MSDN ..
Anyway, this doesn't Authenticate anything does it ???
What it does do is allow you to search a tree for user names and other attributes .. Great .. but does anyone know how to authenticate a user ?